Collecting Customer ZIP Codes Violates State Privacy Laws in Massachusetts

The Supreme Judicial Court here in Massachusetts ruled last week (in response to certified question from the federal district court) that retention of consumer ZIP codes by retailers was a violation of the state’s privacy and consumer protection laws.

Chain retailer Michaels was engaged in the practice of asking customers who used their credit cards for their ZIP code. The retailer then used the ZIP code to look up the customers’ phone numbers and addresses to make unsolicited sales calls and mailings. Massachusetts law prohibits companies from requesting personal information from credit card users unless the information is necessary for shipping or is required under the retailer’s credit card agreement.

The SJC ruled that although the law did not specifically make reference to ZIP codes, they are nonetheless personal information.

Although customer data such as this is very important to retailers, Massachusetts companies engaging in credit card transactions, or any company engaging in credit card transactions in Massachusetts or with Massachusetts domicilaries should do well to avoid asking for personal information, such as physical or mailing addresses, email addresses, phone numbers, or even ZIP codes, unless your credit card agreement requires you to do so, or the information is necessary ship to the customer — be also on the lookout if you use a third-party payment processor who collects such information without either of the conditions permitted by state law.